The realm of VoIP telephony finds itself once again targeted by cybercriminals, with FreePBX, an open-source platform based on Asterisk, at the center of the storm. Widely utilized by companies, call centers, and service providers, FreePBX is currently grappling with a zero-day vulnerability that has already been actively exploited. This vulnerability affects systems that expose the Administrator Control Panel (ACP) to the network, allowing attackers to execute arbitrary commands with Asterisk user privileges. This grants them full control over the PBX, enabling them to alter configurations, redirect calls, compromise SIP trunks, and even initiate unauthorized international calls.
Numerous administrators have reported significant breaches, with thousands of SIP extensions and hundreds of trunks affected. Although Sangoma has not released technical details of the vulnerability, the community has identified several indicators of compromise, including missing or modified configuration files and suspicious scripts and log entries.
In response, the Sangoma FreePBX Security Team has issued an emergency EDGE fix for new installations, though this does not remedy already compromised systems. Administrators with expired support contracts may face difficulties obtaining this update, leaving their systems vulnerable. Immediate measures include restricting ACP access to trusted hosts, restoring systems from pre-August 21 backups, updating modules in clean environments, and changing all credentials.
This incident underscores the critical risk of exposing admin panels to the internet and highlights the need for proactive security measures to mitigate the impact of unforeseen threats, ensuring the continuity and security of corporate communications.
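After restricting ACP access to trusted hosts, the web-server access log shows whether the restriction actually holds. The following is an added example, not code from Sangoma or the FreePBX project: it assumes combined-format access logs, an allowlist enforced with HTTP 403, and a placeholder ACP path prefix and trusted networks that must be replaced with the deployment's own values.

```python
import ipaddress
import re

# Assumptions (not from the article): combined log format, a placeholder
# ACP path prefix, and constructed trusted networks. Adjust all three.
ACP_PREFIX = "/ACP-PATH-PLACEHOLDER/"
TRUSTED = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "192.0.2.10/32")]

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_trusted(ip_text, networks=TRUSTED):
    """True only if the source parses as an IP inside an allowlisted network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # an unparseable source is never trusted
    return any(ip in net for net in networks)

def untrusted_acp_hits(lines, prefix=ACP_PREFIX, networks=TRUSTED):
    """Return (ip, timestamp, method, path, status) for ACP requests from outside the allowlist."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not m["path"].startswith(prefix):
            continue  # malformed line or not an ACP request
        if not is_trusted(m["ip"], networks):
            hits.append((m["ip"], m["ts"], m["method"], m["path"], int(m["status"])))
    return hits

def served(hits):
    """Hits the server answered instead of denying with 403: the allowlist did not apply."""
    return [h for h in hits if h[4] != 403]

# Constructed sample log lines (documentation address ranges, made-up timestamps).
SAMPLE = [
    '10.20.0.15 - - [01/Jan/2030:09:12:01 +0000] "GET /ACP-PATH-PLACEHOLDER/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2030:03:14:07 +0000] "POST /ACP-PATH-PLACEHOLDER/ HTTP/1.1" 200 812 "-" "curl/8.0"',
    '198.51.100.23 - - [01/Jan/2030:03:15:00 +0000] "GET /ACP-PATH-PLACEHOLDER/ HTTP/1.1" 403 199 "-" "-"',
    '203.0.113.7 - - [01/Jan/2030:03:16:00 +0000] "GET /index.html HTTP/1.1" 200 100 "-" "-"',
    'not a log line',
]

if __name__ == "__main__":
    for hit in served(untrusted_acp_hits(SAMPLE)):
        print("ACP answered an untrusted host:", hit)
```

Any entry returned by `served` means the panel was still reachable from outside the allowlist at that time, which is worth checking against the date of the backup chosen for restoration.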

